CVE-2018-14568

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
suricata-idssuricata
𝑥
< 4.0.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
suricata
bullseye
1:6.0.1-3
fixed
stretch
no-dsa
jessie
no-dsa
bookworm
1:6.0.10-1
fixed
sid
1:7.0.7-1
fixed
trixie
1:7.0.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
suricata
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
dne
hirsute
dne
groovy
dne
focal
dne
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needs-triage
xenial
needs-triage
trusty
dne
References
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
https://github.com/kirillwow/ids_bypass
https://redmine.openinfosecfoundation.org/issues/2501
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
https://github.com/kirillwow/ids_bypass
https://redmine.openinfosecfoundation.org/issues/2501
https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/